Merge b7f2254ee6 into ea8837e4b9

Добавлен вызов pam_acct_mgmt() после pam_authenticate() для проверки
прав доступа на уровне PAM (HBAC, истечение пароля, блокировка учётки)
Исправлена передача реального username в pam_start() вместо '3proxy@'

---

Added pam_acct_mgmt() call after pam_authenticate() to enable PAM
account checks (HBAC, password expiration, account lockout).
Fixed pam_start() to pass actual username instead of hardcoded '3proxy@'
Tested with FreeIPA 4.12 + SSSD Rocky Linux 9

.github/workflows/c-cpp.yml

@@ -25,7 +25,7 @@ jobs:
 #      run: ./configure
     - name: Linux libraries
       if: ${{ startsWith(matrix.target, 'ubuntu') }}
-      run: sudo apt install libssl-dev libpam-dev libpcre3 libpcre3-dev
+      run: sudo apt install libssl-dev libpam-dev libpcre2-dev
     - name: make Ubuntu
       if: ${{ startsWith(matrix.target, 'ubuntu') }}
       run: make -f Makefile.Linux
@@ -40,7 +40,7 @@ jobs:
       run: make -f Makefile.Linux clean
     - name: Mac libraries
       if: ${{ startsWith(matrix.target, 'macos') }}
-      run: brew install pcre
+      run: brew install pcre2
     - name: make MacOS
       if: ${{ startsWith(matrix.target, 'macos') }}
       run: make -f Makefile.FreeBSD
@@ -59,15 +59,21 @@ jobs:
     - name: make clean Windows
       if: ${{ startsWith(matrix.target, 'windows') }}
       run: make -f Makefile.win clean
-#    - name: make Windows MSVC
+    - name: Add msbuild to PATH
-#      if: ${{ startsWith(matrix.target, 'windows') }}
+      if: ${{ startsWith(matrix.target, 'windows') }}
-#      shell: cmd
+      uses: microsoft/setup-msbuild@v3
-#      run: |
+    - name: make Windows MSVC
-#       call "C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\VC\Auxiliary\Build\vcvars64.bat"
+      if: ${{ startsWith(matrix.target, 'windows') }}
-#       nmake /F Makefile.msvc64'
+      shell: cmd
-#      env:
+      run: |
-#       LIBS: '-L "c:/program files/openssl/lib/VC/x64/MT"'
+       call "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvars64.bat"
-#       CFLAGS: '-I "c:/program files/openssl/include"'
+       D:
-#    - name: make clean Windows
+       cd "D:/a/3proxy/3proxy"
-#      if: ${{ startsWith(matrix.target, 'windows') }}
+       vcpkg install pcre2:x64-windows
-#      run: nmake /F Makefile.msvc64 clean
+       mkdir bin64
+       set "LIB=%LIB%;c:/program files/openssl/lib/VC/x64/MT;c:/vcpkg/installed/x64-windows/lib"
+       nmake /F Makefile.msvc64
+       nmake /F Makefile.msvc64 clean
+      env:
+       CFLAGS: '-I "c:/program files/openssl/include" -I "c:/vcpkg/installed/x64-windows/include"'
+

.gitignore

@@ -259,3 +259,4 @@ pip-log.txt
 
 #Mr Developer
 .mr.developer.cfg
+CLAUDE.md

Dockerfile.full

@@ -1,4 +1,4 @@
-# 3proxy.full is fully functional 3proxy build based on busibox:glibc
+# 3proxy.full is fully functional 3proxy build based on busybox:glibc
 #
 #to  build:
 # docker build -f Dockerfile.full -t 3proxy.full .
@@ -13,8 +13,11 @@
 # docker run -p 3129:3129 -v /path/to/local/config/directory:/usr/local/3proxy/conf -name 3proxy.full 3proxy.full
 #
 # /path/to/local/config/directory in this example must conrain 3proxy.cfg
-# if you need 3proxy to be executed without chroot with root permissions, replace /etc/3proxy/3proxy.cfg by e.g. mounting config
+# if you need 3proxy to be executed without chroot with root permissions
+# replace /etc/3proxy/3proxy.cfg by e.g. mounting config
 # dir to /etc/3proxy ot by providing config file /etc/3proxy/3proxy.cfg
+# some plugins like SSLPLugin / pamauth also conflict with chroot and must
+# be started prior to chroot.
 # docker run -p 3129:3129 -v /path/to/local/config/directory:/etc/3proxy -name 3proxy.full 3proxy.full
 #
 # use "log" without pathname in config to log to stdout.
@@ -24,9 +27,7 @@
 FROM gcc AS buildenv
 COPY . 3proxy
 RUN cd 3proxy &&\
- echo "">> Makefile.Linux &&\
+ apt update && apt install libssl-dev libpam-dev libpcre2-dev &&\
- echo PLUGINS = StringsPlugin TrafficPlugin PCREPlugin TransparentPlugin SSLPlugin>>Makefile.Linux &&\
- echo LIBS = -l:libcrypto.a -l:libssl.a -ldl >>Makefile.Linux &&\
  make -f Makefile.Linux &&\
  strip bin/3proxy &&\
  strip bin/StringsPlugin.ld.so &&\

Makefile.FreeBSD

@@ -15,8 +15,8 @@ LDFLAGS += -pthread -fno-strict-aliasing
 # -ldl or -lld may be required for some platforms
 DCFLAGS ?= -fPIC
 DLFLAGS ?= -shared
-DLSUFFICS = .so
 LIBS ?=
+DLSUFFICS = .so
 LIBSPREFIX = -l
 LIBSSUFFIX = 
 LNOUT = -o 
@@ -30,16 +30,15 @@ TYPECOMMAND = cat
 COMPATLIBS =
 MAKEFILE = Makefile.FreeBSD
 PLUGINS ?= StringsPlugin TrafficPlugin TransparentPlugin
-OPENSSL_CHECK = $(shell echo "\#include <openssl/ssl.h>\\n int main(){return 0;}" | cc -x c $(CFLAGS) $(LDFLAGS) -l crypto -l ssl -o testssl - 2>/dev/null && rm testssl && echo true||echo false)
+OPENSSL_CHECK = $(shell echo "\#include <openssl/ssl.h>\\n int main(){return 0;}" | tr -d \\\\ | cc -x c $(CFLAGS) $(LDFLAGS) -l crypto -l ssl -o testssl - 2>/dev/null && rm testssl && echo true||echo false)
 ifeq ($(OPENSSL_CHECK), true)
-    LIBS += -l crypto -l ssl
     PLUGINS += SSLPlugin
 endif
-PAM_CHECK = $(shell echo "\#include <security/pam_appl.h>\\n int main(){return 0;}" | cc -x c $(CFLAGS) $(LDFLAGS) -l pam -o testpam - 2>/dev/null && rm testpam && echo true||echo false)
+PAM_CHECK = $(shell echo "\#include <security/pam_appl.h>\\n int main(){return 0;}" | tr -d \\\\ | cc -x c $(CFLAGS) $(LDFLAGS) -l pam -o testpam - 2>/dev/null && rm testpam && echo true||echo false)
 ifeq ($(PAM_CHECK), true)
     PLUGINS += PamAuth
 endif
-PCRE_CHECK = $(shell echo "\#include <pcre.h>\\n int main(){return 0;}" | cc -x c $(CFLAGS) $(LDFLAGS) -l pcre -o testpcre - 2>/dev/null && rm testpcre && echo true||echo false)
+PCRE_CHECK = $(shell echo "\#define PCRE2_CODE_UNIT_WIDTH 8\\n\#include <pcre2.h>\\n int main(){return 0;}" | tr -d \\\\ | cc -x c $(CFLAGS) $(LDFLAGS) -l pcre2-8 -o testpcre - 2>/dev/null && rm testpcre && echo true||echo false)
 ifeq ($(PCRE_CHECK), true)
     PLUGINS += PCREPlugin
 endif

Makefile.Linux

@@ -36,16 +36,15 @@ MAKEFILE = Makefile.Linux
 LIBS ?= -ldl 
 #PLUGINS = SSLPlugin StringsPlugin TrafficPlugin PCREPlugin TransparentPlugin PamAuth
 PLUGINS ?= StringsPlugin TrafficPlugin TransparentPlugin
-OPENSSL_CHECK = $(shell echo "#include <openssl/ssl.h>\\n int main(){return 0;}" | cc -x c $(CFLAGS) $(LDFLAGS) -l crypto -l ssl -o testssl - 2>/dev/null && rm testssl && echo true||echo false)
+OPENSSL_CHECK = $(shell echo "\#include <openssl/ssl.h>\\n int main(){return 0;}" | tr -d \\\\ | cc -x c $(CFLAGS) $(LDFLAGS) -l crypto -l ssl -o testssl - 2>/dev/null && rm testssl && echo true||echo false)
 ifeq ($(OPENSSL_CHECK), true)
-    LIBS += -l crypto -l ssl
     PLUGINS += SSLPlugin
 endif
-PCRE_CHECK = $(shell echo "#include <pcre.h>\\n int main(){return 0;}" | cc -x c $(CFLAGS) $(LDFLAGS) -l pcre -o testpcre - 2>/dev/null && rm testpcre && echo true||echo false)
+PCRE_CHECK = $(shell echo "\#define PCRE2_CODE_UNIT_WIDTH 8\\n\#include <pcre2.h>\\n int main(){return 0;}" | tr -d \\\\ | cc -x c $(CFLAGS) $(LDFLAGS) -l pcre2-8 -o testpcre - 2>/dev/null && rm testpcre && echo true||echo false)
 ifeq ($(PCRE_CHECK), true)
     PLUGINS += PCREPlugin
 endif
-PAM_CHECK = $(shell echo "#include <security/pam_appl.h>\\n int main(){return 0;}" | cc -x c $(CFLAGS) $(LDFLAGS) -l pam -o testpam - 2>/dev/null && rm testpam && echo true||echo false)
+PAM_CHECK = $(shell echo "\#include <security/pam_appl.h>\\n int main(){return 0;}" | tr -d \\\\ | cc -x c $(CFLAGS) $(LDFLAGS) -l pam -o testpam - 2>/dev/null && rm testpam && echo true||echo false)
 ifeq ($(PAM_CHECK), true)
     PLUGINS += PamAuth
 endif

Makefile.msvc

@@ -14,8 +14,7 @@ LN = link
 LDFLAGS =  /nologo /subsystem:console /incremental:no /machine:I386
 DLFLAGS = /DLL
 DLSUFFICS = .dll
-LIBS = ws2_32.lib advapi32.lib odbc32.lib user32.lib kernel32.lib Gdi32.lib Crypt32.lib  libcrypto.lib libssl.lib
+LIBS = ws2_32.lib advapi32.lib odbc32.lib user32.lib kernel32.lib Gdi32.lib Crypt32.lib 
-LIBSOLD = libeay32MT.lib ssleay32MT.lib
 LIBSPREFIX = 
 LIBSSUFFIX = .lib
 LIBEXT = .lib                                                                                               

Makefile.msvc64

@@ -10,14 +10,13 @@ MAKEFILE = Makefile.msvc64
 
 BUILDDIR = ../bin64/
 CC = cl
-CFLAGS = /nologo /MT /W3 /Ox /EHs- /GS /GA /GF /D "MSVC" /D "WITH_STD_MALLOC" /D "WITH_SSL" /D "WITH_WSAPOLL" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "_WIN32" /D "PRINTF_INT64_MODIFIER=\"I64\"" /Fp"proxy.pch" /FD /c $(VERSION) $(BUILDDATE)
+CFLAGS = /nologo /MT /W3 /Ox /EHs- /GS /GA /GF /D "MSVC" /D "WITH_STD_MALLOC" /D "WITH_SSL" /D "WITH_WSAPOLL" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "_WIN32" /D "PRINTF_INT64_MODIFIER=\"I64\"" /Fp"proxy.pch" /FD /c $(VERSION) $(BUILDDATE) $(CFLAGS)
 COUT = /Fo
 LN = link
 LDFLAGS = /nologo /subsystem:console /incremental:no /machine:x64
 DLFLAGS = /DLL
 DLSUFFICS = .dll
-LIBS = ws2_32.lib advapi32.lib odbc32.lib user32.lib kernel32.lib Gdi32.lib Crypt32.lib libcrypto.lib libssl.lib
+LIBS = ws2_32.lib advapi32.lib odbc32.lib user32.lib kernel32.lib Gdi32.lib Crypt32.lib $(LIBS)
-LIBSOLD = libeay32.lib ssleay32.lib
 LIBSPREFIX = 
 LIBSSUFFIX = .lib
 LIBEXT = .lib

Makefile.msvcARM64

@@ -14,7 +14,7 @@ LN = link
 LDFLAGS = /nologo /subsystem:console /incremental:no /machine:arm64
 DLFLAGS = /DLL
 DLSUFFICS = .dll
-LIBS = ws2_32.lib advapi32.lib odbc32.lib user32.lib kernel32.lib Gdi32.lib libcrypto.lib libssl.lib
+LIBS = ws2_32.lib advapi32.lib odbc32.lib user32.lib kernel32.lib Gdi32.lib
 LIBSOLD =
 LIBSPREFIX = 
 LIBSSUFFIX = .lib

Makefile.openwrt-mips

@@ -31,21 +31,18 @@ TYPECOMMAND = cat
 COMPATLIBS =
 MAKEFILE = Makefile.openwrt-mips
 # PamAuth requires libpam, you may require pam-devel package to be installed
-# SSLPlugin requires  -lcrypto -lssl
-#LIBS = -lcrypto -lssl -ldl 
 LIBS ?= -ldl 
 #PLUGINS = SSLPlugin StringsPlugin TrafficPlugin PCREPlugin TransparentPlugin PamAuth
 PLUGINS ?= StringsPlugin TrafficPlugin TransparentPlugin
-OPENSSL_CHECK = $(shell echo "#include <openssl/ssl.h>\\n int main(){return 0;}" | cc -x c $(CFLAGS) $(LDFLAGS) -l crypto -l ssl -o testssl - 2>/dev/null && rm testssl && echo true||echo false)
+OPENSSL_CHECK = $(shell echo "\#include <openssl/ssl.h>\\n int main(){return 0;}" | tr -d \\\\ | cc -x c $(CFLAGS) $(LDFLAGS) -l crypto -l ssl -o testssl - 2>/dev/null && rm testssl && echo true||echo false)
 ifeq ($(OPENSSL_CHECK), true)
-    LIBS += -l crypto -l ssl
     PLUGINS += SSLPlugin
 endif
-PCRE_CHECK = $(shell echo "#include <pcre.h>\\n int main(){return 0;}" | cc -x c $(CFLAGS) $(LDFLAGS) -l pcre -o testpcre - 2>/dev/null && rm testpcre && echo true||echo false)
+PCRE_CHECK = $(shell echo "\#define PCRE2_CODE_UNIT_WIDTH 8\\n\#include <pcre2.h>\\n int main(){return 0;}" | tr -d \\\\ | cc -x c $(CFLAGS) $(LDFLAGS) -l pcre2-8 -o testpcre - 2>/dev/null && rm testpcre && echo true||echo false)
 ifeq ($(PCRE_CHECK), true)
     PLUGINS += PCREPlugin
 endif
-PAM_CHECK = $(shell echo "#include <security/pam_appl.h>\\n int main(){return 0;}" | cc -x c $(CFLAGS) $(LDFLAGS) -l pam -o testpam - 2>/dev/null && rm testpam && echo true||echo false)
+PAM_CHECK = $(shell echo "\#include <security/pam_appl.h>\\n int main(){return 0;}" | tr -d \\\\ | cc -x c $(CFLAGS) $(LDFLAGS) -l pam -o testpam - 2>/dev/null && rm testpam && echo true||echo false)
 ifeq ($(PAM_CHECK), true)
     PLUGINS += PamAuth
 endif

Makefile.unix

@@ -34,16 +34,15 @@ TYPECOMMAND = cat
 COMPATLIBS =
 MAKEFILE = Makefile.unix
 PLUGINS ?= StringsPlugin TrafficPlugin TransparentPlugin
-OPENSSL_CHECK = $(shell echo "\#include <openssl/ssl.h>\\n int main(){return 0;}" | cc -x c $(CFLAGS) $(LDFLAGS) -l crypto -l ssl -o testssl - 2>/dev/null && rm testssl && echo true||echo false)
+OPENSSL_CHECK = $(shell echo "\#include <openssl/ssl.h>\\n int main(){return 0;}" | tr -d \\\\ | cc -x c $(CFLAGS) $(LDFLAGS) -l crypto -l ssl -o testssl - 2>/dev/null && rm testssl && echo true||echo false)
 ifeq ($(OPENSSL_CHECK), true)
-    LIBS += -l crypto -l ssl
     PLUGINS += SSLPlugin
 endif
-PAM_CHECK = $(shell echo "\#include <security/pam_appl.h>\\n int main(){return 0;}" | cc -x c $(CFLAGS) $(LDFLAGS) -l pam -o testpam - 2>/dev/null && rm testpam && echo true||echo false)
+PAM_CHECK = $(shell echo "\#include <security/pam_appl.h>\\n int main(){return 0;}" | tr -d \\\\ | cc -x c $(CFLAGS) $(LDFLAGS) -l pam -o testpam - 2>/dev/null && rm testpam && echo true||echo false)
 ifeq ($(PAM_CHECK), true)
     PLUGINS += PamAuth
 endif
-PCRE_CHECK = $(shell echo "\#include <pcre.h>\\n int main(){return 0;}" | cc -x c $(CFLAGS) $(LDFLAGS) -l pcre -o testpcre - 2>/dev/null && rm testpcre && echo true||echo false)
+PCRE_CHECK = $(shell echo "\#define PCRE2_CODE_UNIT_WIDTH 8\\n\#include <pcre2.h>\\n int main(){return 0;}" | tr -d \\\\ | cc -x c $(CFLAGS) $(LDFLAGS) -l pcre2-8 -o testpcre - 2>/dev/null && rm testpcre && echo true||echo false)
 ifeq ($(PCRE_CHECK), true)
     PLUGINS += PCREPlugin
 endif

Makefile.win

@@ -35,20 +35,20 @@ VERSIONDEP := 3proxyres.o $(VERSIONDEP)
 BUILDDATE := $(BUILDDATE)
 AFTERCLEAN = (find . -type f -name "*.o" -delete && find . -type f -name "*.res" -delete && find src/ -type f -name "Makefile.var" -delete && find bin/ -type f -executable -delete) || true
 
-OPENSSL_CHECK = $(shell echo "#include <openssl/ssl.h>\\n int main(){return 0;}" | cc -x c $(CFLAGS) $(LDFLAGS) -l crypto -l ssl -o testssl - 2>/dev/null && rm testssl && echo true||echo false)
+ifndef OPENSSL_CHECK
+OPENSSL_CHECK = $(shell echo "\#include <openssl/ssl.h>\\n int main(){return 0;}" | tr -d '\\\\' | cc -x c $(CFLAGS) $(LDFLAGS) -l crypto -l ssl -o testssl - 2>/dev/null && rm testssl && echo true||echo false)
 ifeq ($(OPENSSL_CHECK), true)
-    LIBS += -l crypto -l ssl
     PLUGINS += SSLPlugin
 endif
-PCRE_CHECK = $(shell echo "#include <pcre.h>\\n int main(){return 0;}" | cc -x c $(CFLAGS) $(LDFLAGS) -l pcre -o testpcre - 2>/dev/null && rm testpcre && echo true||echo false)
+PAM_CHECK = $(shell echo "\#include <security/pam_appl.h>\\n int main(){return 0;}" | tr -d '\\\\' | cc -x c $(CFLAGS) $(LDFLAGS) -l pam -o testpam - 2>/dev/null && rm testpam && echo true||echo false)
-ifeq ($(PCRE_CHECK), true)
-    PLUGINS += PCREPlugin
-endif
-PAM_CHECK = $(shell echo "#include <security/pam_appl.h>\\n int main(){return 0;}" | cc -x c $(CFLAGS) $(LDFLAGS) -l pam -o testpam - 2>/dev/null && rm testpam && echo true||echo false)
 ifeq ($(PAM_CHECK), true)
     PLUGINS += PamAuth
 endif
-
+PCRE_CHECK = $(shell echo "\#define PCRE2_CODE_UNIT_WIDTH 8\\n#include <pcre2.h>\\n int main(){return 0;}" | tr -d '\\\\' | cc -x c $(CFLAGS) $(LDFLAGS) -l pcre2-8 -o testpcre - 2>/dev/null && rm testpcre && echo true||echo false)
+ifeq ($(PCRE_CHECK), true)
+    PLUGINS += PCREPlugin
+endif
+endif
 
 include Makefile.inc
 

README

@@ -141,7 +141,7 @@ make
 	+ All access control entries now support weekday and time limitations
 	+ Hostnames and * templates are supported instead of IP address
   5. Extensions
-	+ Regular expression filtering (with PCRE) via PCREPlugin
+	+ Regular expression filtering (with PCRE2) via PCREPlugin
 	+ Authentication with Windows username/password (cleartext only)
 	+ SSL/TLS decryptions with certificate spoofing
 	+ Transparent redirection support for Linux and *BSD

src/3proxy.c

@@ -13,9 +13,6 @@
 #include <dlfcn.h>
 #endif
 #else
-#ifdef WITH_SSL
-#include <openssl/applink.c>
-#endif
 
 #endif
 

src/common.c

@@ -92,49 +92,85 @@ char *rotations[] = {
 };
 
 
+int timeouts[12] = {
+	1,    /* SINGLEBYTE_S */
+	5,    /* SINGLEBYTE_L */
+	30,   /* STRING_S */
+	60,   /* STRING_L */
+	180,  /* CONNECTION_S */
+	1800, /* CONNECTION_L */
+	15,   /* DNS_TO */
+	60,   /* CHAIN_TO */
+	15,   /* CONNECT_TO */
+	5,    /* CONNBACK_TO */
+	0,
+	0
+};
+
 struct extparam conf = {
-	{0, 0}, /* threadinit */
+	.threadinit = {0, 0},
-	{1, 5, 30, 60, 180, 1800, 15, 60, 15, 5, 0, 0}, /* timeouts */
+	.timeouts = timeouts,
-	NULL, /* struct ace * acl; */
+	.acl = NULL,
-	NULL, /* char * conffile; */
+	.conffile = NULL,
-	NULL, NULL, /* struct bandlim * bandlimiter,  *bandlimiterout; */
+	.bandlimiter = NULL,
-	NULL, /* struct connlim * connlimiter; */
+	.bandlimiterout = NULL,
-	NULL, /* struct trafcount * trafcounter; */
+	.connlimiter = NULL,
-	NULL, /* struct srvparam *services; */
+	.trafcounter = NULL,
-	0, /* int stacksize, */
+	.services = NULL,
-	-1, 0, 0, 0, 0, /* counterd, haveerror, rotate, paused, archiverc, */
+	.stacksize = 0,
-	0, 500, 0, 0, 0, 0, 0, 0, 2, /* demon, maxchild, backlog, needreload, timetoexit, version, noforce, bandlimver, parentretries; */
+	.counterd = -1,
-	6, 600, /* int authcachetype, authcachetime; */
+	.haveerror = 0,
-	1048576, /* int filtermaxsize; */
+	.rotate = 0,
-	0, 0, 0, /* int gracetraf, gracenum, gracedelay */
+	.paused = 0,
-	0, /* int maxseg */
+	.archiverc = 0,
-	NULL, NULL, /* unsigned char *logname, **archiver; */
+	.demon = 0,
-	NONE, NONE, /* ROTATION logtype, countertype; */
+	.maxchild = 500,
-	NULL, /* char * counterfile; */
+	.backlog = 0,
+	.needreload = 0,
+	.timetoexit = 0,
+	.version = 0,
+	.noforce = 0,
+	.bandlimver = 0,
+	.parentretries = 2,
+	.authcachetype = 6,
+	.authcachetime = 600,
+	.filtermaxsize = 1048576,
+	.gracetraf = 0,
+	.gracenum = 0,
+	.gracedelay = 0,
+	.maxseg = 0,
+	.logname = NULL,
+	.archiver = NULL,
+	.logtype = NONE,
+	.countertype = NONE,
+	.counterfile = NULL,
 #ifndef NOIPV6
-	{AF_INET},
+	.intsa = {AF_INET},
-	{AF_INET6},
+	.extsa6 = {AF_INET6},
-	{AF_INET}, 
+	.extsa = {AF_INET},
 #else
-	{AF_INET},
+	.intsa = {AF_INET},
-	{AF_INET}, 
+	.extsa = {AF_INET},
 #endif
-	NULL,
+	.pwl = NULL,
-	NULL,
+	.authenticate = NULL,
-	doconnect,
+	.authfunc = doconnect,
-	lognone,
+	.logfunc = lognone,
-	NULL,
+	.bandlimfunc = NULL,
-	NULL,
+	.trafcountfunc = NULL,
-	NULL, NULL,
+	.logtarget = NULL,
-	NULL,
+	.logformat = NULL,
-	NULL,
+	.fmon = NULL,
-	NULL,
+	.filters = NULL,
-	NULL,
+	.authfuncs = NULL,
-	NULL,
+	.stdlog = NULL,
-	NULL,
+	.demanddialprog = NULL,
-	(time_t)0, (time_t)0,
+	.stringtable = NULL,
-	0,0,
+	.logtime = (time_t)0,
-	'@',
+	.time = (time_t)0,
+	.logdumpsrv = 0,
+	.logdumpcli = 0,
+	.delimchar = '@',
 };
 
 int numservers=0;

src/plugins/PCREPlugin/Makefile.inc

@@ -1,4 +1,8 @@
 all: $(BUILDDIR)PCREPlugin$(DLSUFFICS)
 
+pcre_plugin$(OBJSUFFICS): pcre_plugin.c
+	$(CC) $(DCFLAGS) $(CFLAGS) pcre_plugin.c
+
 $(BUILDDIR)PCREPlugin$(DLSUFFICS): pcre_plugin$(OBJSUFFICS)
-	$(LN) $(LNOUT)../../$(BUILDDIR)PCREPlugin$(DLSUFFICS) $(LDFLAGS) $(DLFLAGS) pcre_plugin$(OBJSUFFICS) $(LIBSPREFIX)pcre$(LIBSSUFFIX)
+	$(LN) $(LNOUT)../../$(BUILDDIR)PCREPlugin$(DLSUFFICS) $(LDFLAGS) $(DLFLAGS) pcre_plugin$(OBJSUFFICS) $(LIBSPREFIX)pcre2-8$(LIBSSUFFIX)
+

src/plugins/PCREPlugin/pcre_plugin.c

@@ -7,7 +7,8 @@
 
 #include "../../structures.h"
 #include <string.h>
-#include <pcre.h>
+#define PCRE2_CODE_UNIT_WIDTH 8
+#include <pcre2.h>
 
 #ifdef  __cplusplus
 extern "C" {
@@ -34,46 +35,76 @@ static struct filter pcre_first_filter = {
 
 static struct filter *pcre_last_filter;
 static int pcre_loaded = 0;
-static int pcre_options = 0;
+static uint32_t pcre_options = 0;
 
 static struct pcreopt {
 	char * name;
-	int value;	
+	uint32_t value;
 } pcreopts[]= {
 
- {"PCRE_CASELESS",           PCRE_CASELESS},
+ {"PCRE2_ALLOW_EMPTY_CLASS", PCRE2_ALLOW_EMPTY_CLASS},
- {"PCRE_MULTILINE",          PCRE_MULTILINE},
+ {"PCRE2_ALT_BSUX", PCRE2_ALT_BSUX},
- {"PCRE_DOTALL",             PCRE_DOTALL},
+ {"PCRE2_AUTO_CALLOUT", PCRE2_AUTO_CALLOUT},
- {"PCRE_EXTENDED",           PCRE_EXTENDED},
+ {"PCRE2_CASELESS", PCRE2_CASELESS},
- {"PCRE_ANCHORED",           PCRE_ANCHORED},
+ {"PCRE2_DOLLAR_ENDONLY", PCRE2_DOLLAR_ENDONLY},
- {"PCRE_DOLLAR_ENDONLY",     PCRE_DOLLAR_ENDONLY},
+ {"PCRE2_DOTALL", PCRE2_DOTALL},
- {"PCRE_EXTRA",              PCRE_EXTRA},
+ {"PCRE2_DUPNAMES", PCRE2_DUPNAMES},
- {"PCRE_NOTBOL",             PCRE_NOTBOL},
+ {"PCRE2_EXTENDED", PCRE2_EXTENDED},
- {"PCRE_NOTEOL",             PCRE_NOTEOL},
+ {"PCRE2_FIRSTLINE", PCRE2_FIRSTLINE},
- {"PCRE_UNGREEDY",           PCRE_UNGREEDY},
+ {"PCRE2_MATCH_UNSET_BACKREF", PCRE2_MATCH_UNSET_BACKREF},
- {"PCRE_NOTEMPTY",           PCRE_NOTEMPTY},
+ {"PCRE2_MULTILINE", PCRE2_MULTILINE},
- {"PCRE_UTF8",               PCRE_UTF8},
+ {"PCRE2_NEVER_UCP", PCRE2_NEVER_UCP},
- {"PCRE_NO_AUTO_CAPTURE",    PCRE_NO_AUTO_CAPTURE},
+ {"PCRE2_NEVER_UTF", PCRE2_NEVER_UTF},
- {"PCRE_NO_UTF8_CHECK",      PCRE_NO_UTF8_CHECK},
+ {"PCRE2_NO_AUTO_CAPTURE", PCRE2_NO_AUTO_CAPTURE},
- {"PCRE_AUTO_CALLOUT",       PCRE_AUTO_CALLOUT},
+ {"PCRE2_NO_AUTO_POSSESS", PCRE2_NO_AUTO_POSSESS},
- {"PCRE_PARTIAL",            PCRE_PARTIAL},
+ {"PCRE2_NO_DOTSTAR_ANCHOR", PCRE2_NO_DOTSTAR_ANCHOR},
- {"PCRE_DFA_SHORTEST",       PCRE_DFA_SHORTEST},
+ {"PCRE2_NO_START_OPTIMIZE", PCRE2_NO_START_OPTIMIZE},
- {"PCRE_DFA_RESTART",        PCRE_DFA_RESTART},
+ {"PCRE2_UCP", PCRE2_UCP},
- {"PCRE_FIRSTLINE",          PCRE_FIRSTLINE},
+ {"PCRE2_UNGREEDY", PCRE2_UNGREEDY},
- {"PCRE_DUPNAMES",           PCRE_DUPNAMES},
+ {"PCRE2_UTF", PCRE2_UTF},
- {"PCRE_NEWLINE_CR",         PCRE_NEWLINE_CR},
+ {"PCRE2_NEVER_BACKSLASH_C", PCRE2_NEVER_BACKSLASH_C},
- {"PCRE_NEWLINE_LF",         PCRE_NEWLINE_LF},
+ {"PCRE2_ALT_CIRCUMFLEX", PCRE2_ALT_CIRCUMFLEX},
- {"PCRE_NEWLINE_CRLF",       PCRE_NEWLINE_CRLF},
+ {"PCRE2_ALT_VERBNAMES", PCRE2_ALT_VERBNAMES},
- {"PCRE_NEWLINE_ANY",        PCRE_NEWLINE_ANY},
+ {"PCRE2_USE_OFFSET_LIMIT", PCRE2_USE_OFFSET_LIMIT},
- {"PCRE_NEWLINE_ANYCRLF",    PCRE_NEWLINE_ANYCRLF},
+ {"PCRE2_EXTENDED_MORE", PCRE2_EXTENDED_MORE},
- {"PCRE_BSR_ANYCRLF",        PCRE_BSR_ANYCRLF},
+ {"PCRE2_LITERAL", PCRE2_LITERAL},
- {"PCRE_BSR_UNICODE",        PCRE_BSR_UNICODE},
+ {"PCRE2_MATCH_INVALID_UTF", PCRE2_MATCH_INVALID_UTF},
+
+ {"PCRE_CASELESS",           PCRE2_CASELESS},
+ {"PCRE_MULTILINE",          PCRE2_MULTILINE},
+ {"PCRE_DOTALL",             PCRE2_DOTALL},
+ {"PCRE_EXTENDED",           PCRE2_EXTENDED},
+ {"PCRE_ANCHORED",           PCRE2_ANCHORED},
+ {"PCRE_DOLLAR_ENDONLY",     PCRE2_DOLLAR_ENDONLY},
+ {"PCRE_EXTRA",              PCRE2_EXTENDED_MORE},
+ {"PCRE_NOTBOL",             PCRE2_NOTBOL},
+ {"PCRE_NOTEOL",             PCRE2_NOTEOL},
+ {"PCRE_UNGREEDY",           PCRE2_UNGREEDY},
+ {"PCRE_NOTEMPTY",           PCRE2_NOTEMPTY},
+ {"PCRE_UTF8",               PCRE2_UTF},
+ {"PCRE_NO_AUTO_CAPTURE",    PCRE2_NO_AUTO_CAPTURE},
+ {"PCRE_NO_UTF8_CHECK",      PCRE2_MATCH_INVALID_UTF},
+ {"PCRE_AUTO_CALLOUT",       PCRE2_AUTO_CALLOUT},
+ {"PCRE_PARTIAL",            PCRE2_PARTIAL_SOFT},
+ {"PCRE_DFA_SHORTEST",       PCRE2_DFA_SHORTEST},
+ {"PCRE_DFA_RESTART",        PCRE2_DFA_RESTART},
+ {"PCRE_FIRSTLINE",          PCRE2_FIRSTLINE},
+ {"PCRE_DUPNAMES",           PCRE2_DUPNAMES},
+ {"PCRE_NEWLINE_CR",         PCRE2_NEWLINE_CR},
+ {"PCRE_NEWLINE_LF",         PCRE2_NEWLINE_LF},
+ {"PCRE_NEWLINE_CRLF",       PCRE2_NEWLINE_CRLF},
+ {"PCRE_NEWLINE_ANY",        PCRE2_NEWLINE_ANY},
+ {"PCRE_NEWLINE_ANYCRLF",    PCRE2_NEWLINE_ANYCRLF},
+ {"PCRE_BSR_ANYCRLF",        PCRE2_BSR_ANYCRLF},
+ {"PCRE_BSR_UNICODE",        PCRE2_BSR_UNICODE},
+
  {NULL, 0}
 };
 
 struct pcre_filter_data {
 	int users;
-	pcre * re;
+	pcre2_code * re;
+	pcre2_match_data * match_data;
 	int action;
 	char * replace;
 	struct ace *acl;
@@ -83,7 +114,8 @@ static void pcre_data_free(struct pcre_filter_data *pcrefd){
 	pthread_mutex_lock(&pcre_mutex);
 	pcrefd->users--;
 	if(!pcrefd->users){
-		if(pcrefd->re) pl->freefunc(pcrefd->re);
+		if(pcrefd->match_data) pcre2_match_data_free(pcrefd->match_data);
+		if(pcrefd->re) pcre2_code_free(pcrefd->re);
 		if(pcrefd->acl) pl->freeacl(pcrefd->acl);
 		if(pcrefd->replace) pl->freefunc(pcrefd->replace);
 		pl->freefunc(pcrefd);
@@ -123,7 +155,7 @@ static FILTER_ACTION pcre_filter_client(void *fo, struct clientparam * param, vo
 }
 
 static FILTER_ACTION pcre_filter_buffer(void *fc, struct clientparam *param, unsigned char ** buf_p, int * bufsize_p, int offset, int * length_p){
-	int ovector[48];
+	PCRE2_SIZE *ovector;
 	int count = 0;
 	struct ace *acl;
 	int match = 0;
@@ -143,8 +175,9 @@ static FILTER_ACTION pcre_filter_buffer(void *fc, struct clientparam *param, uns
 	if(!pcrefd->re) return pcrefd->action;
 	for(; offset < *length_p; nreplaces++){
 
-		count = pcre_exec(pcrefd->re, NULL, (char *)*buf_p, *length_p, offset, 0, ovector, 48);
+		count = pcre2_match(pcrefd->re, (PCRE2_SPTR)*buf_p, *length_p, offset, 0, pcrefd->match_data, NULL);
 		if(count <= 0) break;
+		ovector = pcre2_get_ovector_pointer(pcrefd->match_data);
 		if(!(replace = pcrefd->replace) || param->nooverwritefilter) return pcrefd->action;
 
 		replen = *length_p - ovector[1];
@@ -220,10 +253,11 @@ static void pcre_filter_close(void *fo){
 
 static int h_pcre(int argc, unsigned char **argv){
 	int action = 0;
-	pcre *re = NULL;
+	pcre2_code *re = NULL;
+	pcre2_match_data *match_data = NULL;
 	struct ace *acl;
-	int offset = 4;
+	int errcode;
-	const char * errptr;
+	PCRE2_SIZE erroffset;
 	struct pcre_filter_data *flt;
 	struct filter *newf;
 	char *replace = NULL;
@@ -235,7 +269,6 @@ static int h_pcre(int argc, unsigned char **argv){
 	else return 1;
 	if(!strncmp((char *)argv[0], "pcre_rewrite", 12)) {
 		int i,j;
-		offset = 5;
 		replace = pl->strdupfunc((char *)argv[4]);
 		if(!replace) return 9;
 		for(i=0, j=0; replace[i]; i++, j++){
@@ -264,22 +297,30 @@ static int h_pcre(int argc, unsigned char **argv){
 		}
 		replace[j] = 0;
 	}
-	if(!(acl = pl->make_ace(argc - offset, argv + offset))) return 2;
+	if(!(acl = pl->make_ace(argc - 4, argv + 4))) return 2;
 	acl->nolog = (strstr((char *)argv[2],"log") == 0);
 	if(*argv[3] && !(*argv[3] == '*' && !argv[3][1]) ){
-		re = pcre_compile((char *)argv[3], pcre_options, &errptr, &offset, NULL);
+		re = pcre2_compile((PCRE2_SPTR)argv[3], PCRE2_ZERO_TERMINATED, pcre_options, &errcode, &erroffset, NULL);
 		if(!re) {
 			pl->freefunc(acl);
 			if(replace) pl->freefunc(replace);
 			return 3;
 		}
+		match_data = pcre2_match_data_create_from_pattern(re, NULL);
+		if(!match_data) {
+			pcre2_code_free(re);
+			pl->freefunc(acl);
+			if(replace) pl->freefunc(replace);
+			return 4;
+		}
 	}
 	flt = pl->mallocfunc(sizeof(struct pcre_filter_data));
 	newf = pl->mallocfunc(sizeof(struct filter));
 
 	if(!flt || !newf) {
+		if(match_data) pcre2_match_data_free(match_data);
+		if(re) pcre2_code_free(re);
 		pl->freefunc(acl);
-		pl->freefunc(re);
 		if(replace) pl->freefunc(replace);
 		if(flt) pl->freefunc(flt);
 		return 4;
@@ -288,6 +329,114 @@ static int h_pcre(int argc, unsigned char **argv){
 	memset(newf, 0, sizeof(struct filter));
 	flt->action = action;
 	flt->re = re;
+	flt->match_data = match_data;
+	flt->acl = acl;
+	flt->replace = replace;
+	flt->users = 1;
+	newf->instance = "pcre";
+	newf->data = flt;
+	newf->filter_open = pcre_filter_open;
+	newf->filter_client = pcre_filter_client;
+	if(strstr((char *)argv[1], "request"))newf->filter_request = pcre_filter_buffer;
+	if(strstr((char *)argv[1], "cliheader"))newf->filter_header_cli = pcre_filter_buffer;
+	if(strstr((char *)argv[1], "clidata"))newf->filter_data_cli = pcre_filter_buffer;
+	if(strstr((char *)argv[1], "srvheader"))newf->filter_header_srv = pcre_filter_buffer;
+	if(strstr((char *)argv[1], "srvdata"))newf->filter_data_srv = pcre_filter_buffer;
+	newf->filter_clear = pcre_filter_clear;
+	newf->filter_close = pcre_filter_close;
+
+	if(!pcre_last_filter){
+		newf->next = pcre_first_filter.next;
+		pcre_first_filter.next=newf;
+	}
+	else {
+		newf->next = pcre_last_filter->next;
+		pcre_last_filter->next = newf;
+	}
+	pcre_last_filter=newf;
+
+	return 0;
+}
+
+static int h_pcre_rewrite(int argc, unsigned char **argv){
+	int action = 0;
+	pcre2_code *re = NULL;
+	pcre2_match_data *match_data = NULL;
+	struct ace *acl;
+	int errcode;
+	PCRE2_SIZE erroffset;
+	struct pcre_filter_data *flt;
+	struct filter *newf;
+	char *replace = NULL;
+
+	if(!strncmp((char *)argv[2], "allow",5)) action = PASS;
+	else if(!strncmp((char *)argv[2], "deny",4)) action = REJECT;
+	else if(!strncmp((char *)argv[2], "remove",6)) action = REMOVE;
+	else if(!strncmp((char *)argv[2], "dunno",5)) action = CONTINUE;
+	else return 1;
+	{
+		int i,j;
+		replace = pl->strdupfunc((char *)argv[4]);
+		if(!replace) return 9;
+		for(i=0, j=0; replace[i]; i++, j++){
+			if(replace[i] == '\\'){
+				switch(replace[i+1]){
+				case 'r':
+					i++;
+					replace[j] = '\r';
+					break;
+				case 'n':
+					i++;
+					replace[j] = '\n';
+					break;
+				case '0':
+					i++;
+					replace[j] = 0;
+					break;
+				case '\\':
+					i++;
+				default:
+					replace[j] = '\\';
+					break;
+				}
+			}
+			else replace[j] = replace[i];
+		}
+		replace[j] = 0;
+	}
+	if(!(acl = pl->make_ace(argc - 5, argv + 5))) return 2;
+	acl->nolog = (strstr((char *)argv[2],"log") == 0);
+	if(*argv[3] && !(*argv[3] == '*' && !argv[3][1]) ){
+		re = pcre2_compile((PCRE2_SPTR)argv[3], PCRE2_ZERO_TERMINATED, pcre_options, &errcode, &erroffset, NULL);
+		if(!re) {
+			pl->freefunc(acl);
+			if(replace) pl->freefunc(replace);
+			return 3;
+		}
+		match_data = pcre2_match_data_create_from_pattern(re, NULL);
+		if(!match_data) {
+			pcre2_code_free(re);
+			pl->freefunc(acl);
+			if(replace) pl->freefunc(replace);
+			return 4;
+		}
+	}
+	flt = pl->mallocfunc(sizeof(struct pcre_filter_data));
+	newf = pl->mallocfunc(sizeof(struct filter));
+
+	if(!flt || !newf) {
+		if(match_data) pcre2_match_data_free(match_data);
+		if(re) pcre2_code_free(re);
+		pl->freefunc(acl);
+		if(replace) pl->freefunc(replace);
+		if(flt) pl->freefunc(flt);
+		return 4;
+	}
+	memset(flt, 0, sizeof(struct pcre_filter_data));
+	memset(newf, 0, sizeof(struct filter));
+	flt->action = action;
+	flt->re = re;
+	flt->match_data = match_data;
 	flt->acl = acl;
 	flt->replace = replace;
 	flt->users = 1;
@@ -342,14 +491,14 @@ static int h_pcre_options(int argc, unsigned char **argv){
 
 static struct commands pcre_commandhandlers[] = {
 	{pcre_commandhandlers+1, "pcre", h_pcre, 4, 0},
-	{pcre_commandhandlers+2, "pcre_rewrite", h_pcre, 5, 0},
+	{pcre_commandhandlers+2, "pcre_rewrite", h_pcre_rewrite, 5, 0},
 	{pcre_commandhandlers+3, "pcre_extend", h_pcre_extend, 2, 0},
 	{NULL, "pcre_options", h_pcre_options, 2, 0}
 };
 
 static struct symbol regexp_symbols[] = {
-	{regexp_symbols+1, "pcre_compile", (void*) pcre_compile},
+	{regexp_symbols+1, "pcre2_compile", (void*) pcre2_compile},
-	{regexp_symbols+2, "pcre_exec", (void*) pcre_exec},
+	{regexp_symbols+2, "pcre2_match", (void*) pcre2_match},
 	{NULL, "pcre_options", (void *)&pcre_options},
 };
 
@@ -366,8 +515,6 @@ PLUGINAPI int PLUGINCALL pcre_plugin (struct pluginlink * pluginlink,
 	pl = pluginlink;
 	pcre_options = 0;
 	if(!pcre_loaded){
-		pcre_malloc = pl->mallocfunc;
-		pcre_free = pl->freefunc;
 		pcre_loaded = 1;
 		pthread_mutex_init(&pcre_mutex, NULL);
 		regexp_symbols[2].next = pl->symbols.next;

src/plugins/PamAuth/Makefile.inc

@@ -5,3 +5,4 @@ pamauth$(OBJSUFFICS): pamauth.c
 
 $(BUILDDIR)pamauth$(DLSUFFICS): pamauth$(OBJSUFFICS)
 	$(LN) $(LNOUT)../../$(BUILDDIR)pamauth$(DLSUFFICS) $(LDFLAGS) $(DLFLAGS) $(LIBSPREFIX)pam$(LIBSSUFFIX) pamauth$(OBJSUFFICS)
+

src/plugins/PamAuth/pamauth.c

@@ -92,7 +92,7 @@ static int pamfunc(struct clientparam *param)
   pthread_mutex_lock(&pam_mutex);
   if (!pamh)
     {
-	retval = pam_start ((char *)service, "3proxy@" , &conv, &pamh);
+	retval = pam_start ((char *)service, (char *)param->username, &conv, &pamh);
     }
    if (retval == PAM_SUCCESS)
        retval = pam_set_item (pamh, PAM_USER, param->username); 
@@ -102,6 +102,8 @@ static int pamfunc(struct clientparam *param)
 /*fprintf(stderr,"pam_set_item2 rc=%d\n",retval); */       
    if (retval == PAM_SUCCESS)
          retval = pam_authenticate (pamh, 0);  
+   if (retval == PAM_SUCCESS)
+       retval = pam_acct_mgmt (pamh, 0);
 /*fprintf(stderr,"pam_authenticate rc=%d\n",retval);*/
    
    if (retval == PAM_SUCCESS) {  /*auth OK*/  rc=0;   }

src/plugins/SSLPlugin/Makefile.inc

@@ -10,5 +10,5 @@ my_ssl$(OBJSUFFICS): my_ssl.c
 
 
 $(BUILDDIR)SSLPlugin$(DLSUFFICS): ssl_plugin$(OBJSUFFICS) my_ssl$(OBJSUFFICS)
-	$(LN) $(LNOUT)../../$(BUILDDIR)SSLPlugin$(DLSUFFICS) $(LDFLAGS) $(DLFLAGS) ssl_plugin$(OBJSUFFICS) my_ssl$(OBJSUFFICS) $(LIBS) 
+	$(LN) $(LNOUT)../../$(BUILDDIR)SSLPlugin$(DLSUFFICS) $(LDFLAGS) $(DLFLAGS) ssl_plugin$(OBJSUFFICS) my_ssl$(OBJSUFFICS) $(LIBSPREFIX)crypto$(LIBSSUFFIX) $(LIBSPREFIX)ssl$(LIBSSUFFIX) 
 	

src/proxy.h

@@ -154,6 +154,8 @@ extern int timetoexit;
 
 extern struct extparam conf;
 
+extern int timeouts[12];
+
 int sockmap(struct clientparam * param, int timeo, int usesplice);
 int socksend(struct clientparam *param, SOCKET sock, unsigned char * buf, int bufsize, int to);
 int socksendto(struct clientparam *param, SOCKET sock, struct sockaddr * sin, unsigned char * buf, int bufsize, int to);

src/structures.h

@@ -643,7 +643,7 @@ struct extparam {
 #else
 	int threadinit[2];
 #endif
-	int timeouts[12];
+	int *timeouts;
 	struct ace * acl;
 	char * conffile;
 	struct bandlim * bandlimiter,  *bandlimiterout;